Reputation: 29740
Why does asp.net perform a 302 before logging me in?
I have a default asp.net MVC project and it perfroms a 302[Found] redirect with my auth cookie and then I can see a request to the root for what seems to be no reason. I would have thought all that was needed was a single request but you can see from fiddler I have two which is confusing. Can anyone explain why the second request has to happen is this something I should disable?
Upvotes: 4
Views: 282
Answers (1)
Reputation: 57907
In order for you to be logged in, ASP.NET needs to drop a cookie on your machine. To do this, it must send the cookie in the response. In order for that cookie to be used on subsequent requests, it must be sent on the following request.
A 302 redirect provides a nice way for this to happen. The server issues the 302 redirect, sending the cookie to the browser along the way. The browser responds by issuing another request to the redirected resource, which this time includes the cookie required to ensure the user is Authenticated.
Upvotes: 6
Related Questions
- Why does a Asp.Net HTTP POST cause a 302 Redirect to GET even with EnableSessionState set to False
- ASP.NET MVC POST incorrectly returning HTTP 302
- ASP.NET MVC Authorize Attribute does a 302 redirect when the user is not authorized
- HttpStatusCodeResult(401) returns "302 Found"
- ASP.NET MVC app with forms authentication going to the login url gets me a 302 and then a 401
- IIS - Unexplained 302 response code
- ASP.NET MVC Routing configuration giving Http 302 Object moved to
- 302 redirect still attempting to run original request
- ASP.NET MVC - Action with parameter is redirecting to login page which shouldn't be
- ASP.Net converts 401 to 302 error codes